Stars
WeChatOpenDevTool 微信小程序强制开启开发者工具
一个用于处理fsacn输出结果的小脚本(尤其面对大量资产的fscan扫描结果做输出优化,让你打点快人一步!!!)
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
一款高性能 HTTP 代理隧道工具 | A high-performance http proxy tunneling tool
Pingtunnel is a tool that send TCP/UDP traffic over ICMP
Sysmon configuration file template with default high-quality event tracing
80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.
一款用于JNDI注入利用的工具,大量参考/引用了Rogue JNDI项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。
针对SpringBoot的开源渗透框架,以及Spring相关高危漏洞利用工具
1、点击“检测漏洞”,会自动检测该URL是否存在S2-001、S2-005、S2-009、S2-013、S2-016、S2-019、S2-020/021、S2-032、S2-037、DevMode、S2-045/046、S2-052、S2-048、S2-053、S2-057、S2-061、S2相关log4j2十余种漏洞。 2、“批量验证”,(为防止批量geshell,此功能已经删除,并不再开…
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens